Detections
Analytics
Nagios Log Server < 1.4.2 Multiple Vulnerabilities
critical Nessus Network Monitor Plugin ID 9599
Synopsis
The remote host is running a version of Nagios Log Server that is affected by multiple attack vectors.Description
Versions of Nagios Log Server prior to 1.4.2 are vulnerable to the following issues :- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the '/nagioslogserver/dashboard' script does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw exists in the 'api/check/create/1' script that is due to the server failing to properly enforce access controls related to the 'alert' parameter. This may allow a remote attacker to execute arbitrary code.
- A flaw exists that is due to the program setting insecure permissions for 'get_logstash_ports.sha'. This may allow a local attacker to gain elevated privileges.
Solution
Upgrade Log Server to version 1.4.2 or later.See Also
http://www.security-assessment.com/files/documents/advisory/NagiosLogServerAdvisory.pdf
https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
Plugin Details
Severity: Critical
ID: 9599
Family: CGI
Published: 9/30/2016
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 7/22/2016
Vulnerability Publication Date: 8/11/2016